EP1868126B1 - Device and method for discovering emulated clients - Google Patents
- Publication number
- EP1868126B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- client
- challenge
- response
- iterations
- verifier
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
- G06F21/725—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits operating on a secure reference time value
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2129—Authenticate client device independently of the user
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2137—Time limited access, e.g. to a computer or data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Description
- The invention is generally directed to secure networks, and more specifically to authentication of devices in such networks.
- It is very common in networks to have a server providing services to a client. The client, commonly with a user, demands a service from the server, which, usually after verification that the client has the right to access the service, provides the service to the client. Examples of such services are video-on-demand, printing of documents, and unlocking of locked doors.
- Unfortunately, there are people, so called "hackers" or "pirates" who try to obtain access to such services without having the right to do so. To this end, they use various techniques to overcome the security solutions in the networks.
- One of the solutions that attempt to thwart the efforts of the hackers is authentication, i.e. the server authenticates the client to ensure that it is an authentic client. The authentication may be performed using the presentation of a valid or signed identity, the presentation of a username and associated password, or protocols involving symmetric or asymmetric cryptography.
- EP 1650671 presents an authentication solution in which a transmitter sends a random challenge to a client. The transmitter and the receiver then calculate N responses to the challenge. The transmitter then requests the receiver to send a response, starts a timer, receives a response, stops the timer, and checks that the response was correct and received in time. This is iterated until the N responses have been checked.
- Another solution is to use closed platforms that are difficult to reverse engineer to recover their secrets or to modify their behaviour. This solution, usually used together with other solutions such as authentication, is for example used in game stations (e.g. PlayStation and Xbox), set-top boxes in pay-TV systems, triple-play modems (e.g. Freebox and Livebox) or mobile phones. This is, naturally, quite different from personal computers (PCs) for which it may be argued that their strength comes from the diversity of architectures.
- While it is difficult to emulate a closed platform sufficiently to impersonate it towards the server, it has been shown that this is not impossible. The standard solution to this problem is revocation. When the system authority becomes aware that a client has been cracked, the client is put on a revocation list. During authentication, the server first verifies if the client is on the revocation list and, if so, denies service.
- For the revocation to be efficient, the system authority needs to be aware that a device has been cracked. This may take a long time during which the hacker may continue to enjoy the services or, even worse, let others know how to emulate the device so that the services may be used by many people.
- A solution to this problem is fingerprinting a client, for example by measuring execution time. This kind of fingerprinting assumes that an emulated client is slower than a client on a bona fide platform, but as processors still become faster and faster, this is not an assumption to be relied upon, especially for platforms of a certain age.
- It can thus be appreciated that there is a need for a solution that improves upon the current security solutions, making it easier to detect emulated devices.
- The present invention provides such a solution.
- In a first aspect, the invention is directed to a method for discovering if a client is emulated. A challenge requiring a deterministic number of iterations to be solved is sent to the client and the time between the sending and the reception of a response is measured. Upon reception of the response comprising the number of iterations needed to solve the challenge, it is determined that the client is non-emulated if the number of iterations in the response matches the expected number of iterations and if the response was timely.
- In a preferred embodiment, the challenge is dependent on an identity of the client or of a user of the client.
- In another preferred embodiment, the challenge is a cryptographic challenge, advantageously a key search. It is particularly beneficial to have the cryptographic challenge comprise a non-encrypted version of a value, an encrypted version of the value, and a base for the first key to use in the key search.
- In a second aspect, the invention is directed to a verifier for discovering if a client is emulated. The verifier comprises a communication interface for sending a challenge to the client, the challenge requiring a deterministic number of iterations to be solved. The verifier further comprises a timer for measuring the time between the sending of the challenge and the reception of the response. The interface is also for receiving from the client a response comprising the number of iterations. The verifier further comprises a processor for selecting the challenge and for determining that the client is non-emulated if the number of iterations in the response matches the expected number of iterations and if the response was timely.
- In a preferred embodiment, the processor is adapted to make the challenge dependent on an identity of the client or of a user of the client.
- In another preferred embodiment, the processor is adapted to select a challenge, which is a cryptographic key search challenge that comprises a non-encrypted version of a value, an encrypted version of the value, and a base for the first key to use in the key search.
- Preferred features of the present invention will now be described, by way of example, with reference to the accompanying drawings, in which:
- Fig. 1 illustrates a client and a verifier according to a preferred embodiment of the invention; and
- Fig. 2 illustrates a method of verifying that a client runs on a certain platform according to a preferred embodiment of the invention.
- Fig. 1 illustrates a client 10 and a verifier 20 adapted to interact with each other. The client 10 comprises a processor (CPU) 11, a memory 13 adapted to store applications executed by the processor 11, and a communication interface (I/O) 14 adapted for communication with devices, notably the verifier 20 over a network 1. The verifier 20 comprises a processor (CPU) 21, a timer 22 dedicated to the processor 21, a memory 23 for use by the processor 21, and a communication interface (I/O) 24 adapted for communication with devices, notably the client 10, over the network 1.
- Fig. 2 illustrates a preferred embodiment of the method of verifying that a client runs on a certain platform, in other words that it is not emulated, according to a preferred embodiment of the invention. When the verifier 20 wants to verify that the client 10 runs on a certain platform, it opens 202 a communication session with the client 10. The verifier then selects 204, preferably at random, a cryptographic challenge C for the client 10. The cryptographic challenge C is computed using a cryptographic function, preferably based on an Advanced Encryption Standard (AES) algorithm with a key length of 128 bits. In a preferred embodiment, the cryptographic challenge C may be expressed as (clear, start, {clear}_{start+tries}), where:
  - clear is a random number,
  - start is a random number used as a starting point for the cryptographic challenge C,
  - tries is the number of tries to be performed by the client 10. In other words, start+tries is used as an ending point for breaking the cryptographic challenge C, and
  - {clear}_{start+tries} is the result of the encryption of clear with key number start+tries. This is the ciphered message of the cryptographic challenge C.
- The verifier 20 sends 206 the chosen cryptographic challenge C to the client 10, and starts 208 the timer 22. Upon reception of the cryptographic challenge C, the client 10 stores it in its memory 13, and performs 210 a deterministic key search, successively trying keys following a predetermined algorithm until the correct key is found. A preferred key search algorithm is:
  - 1. Initialize a try counter i=1,
  - 2. Compute {clear}_{start+i},
  - 3. Check if the result is equal to {clear}_{start+tries},
  - 4a. If so, send 212 i to the verifier 20 as the result of the broken cryptographic challenge C,
  - 4b. If not, increment i and go to step 2.
- It should be noted that many variants are possible, such as, for example, using a more complex function than a simple increment to modify i. In an alternate embodiment, in step 4a, the client 10 further includes the correct key in the message to the verifier 20.
- In an alternate preferred embodiment, the cryptographic challenge C may be expressed as (clear, K_start, {clear}_{K=H(tries)}), where:
  - clear is a number or data depending on the client 10 or the user, such as a client identity number or a user identity or subscription number, XOR-ed with a random number,
  - K_start is a key to use as a starting point for the key search,
  - {clear}_{K=H(tries)} is clear encrypted with a key that corresponds to a hash value of tries, i.e. of the number of iterations necessary to find the correct key. It is also possible to use a key K corresponding to a hash value of the number of tries XOR-ed with a random number.
- The key search algorithm of the alternate preferred embodiment is:
  - 1. Initialize a try counter i=1,
  - 2. Compute K_i = K_start + i,
  - 3. Compute {clear}_{K_i},
  - 4. Check if the result is equal to {clear}_{H(tries)},
  - 5a. If so, send K_i and the number of tries i to the verifier 20 as the result of the broken cryptographic challenge C,
  - 5b. If not, increment i and go to step 2.
- In a further alternate preferred embodiment, the cryptographic challenge C may be expressed as (clear, K_start, {clear}_{K=H^tries(K_start)}), where:
  - clear is a number or data depending on the client 10 or the user, such as a client identity number or a user identity or subscription number, XOR-ed with a random number,
  - K_start is a key to use as a starting point for the key search,
  - {clear}_{K=H^tries(K_start)} is clear encrypted with a key that corresponds to a value calculated by hashing K_start tries number of times.
- The key search algorithm of the alternate preferred embodiment is:
  - 1. Initialize i=1 and K_0 = K_start,
  - 2. Compute K_i = H(K_{i-1}),
  - 3. Compute {clear}_{K_i},
  - 4. Check if the result is equal to {clear}_{H^tries(K_start)},
  - 5a. If so, send K_i and the number of tries i to the verifier 20 as the result of the broken cryptographic challenge C,
  - 5b. If not, increment i and go to step 2.
- In yet a further embodiment, the cryptographic challenge requires the client 10 to reverse a hash function.
- Upon reception of the result 212 from the client 10, the verifier 20 stops 214 its timer 22; in other words, the timer of the verifier measures the time between the sending of the challenge and the reception of a response. The verifier 20 then checks 216 that the result, i.e. start+i, equals the expected value, i.e. start+tries; in other words, that i equals tries.
- If the check 216 is unsuccessful then the verifier 20 knows that the client 10 is emulated. However, if the check 216 is successful, then the verifier 20 goes on to check 218 that the value read from its timer 22 does not exceed an expected time plus a chosen network transmission delay. In other words, the verifier 20 checks that the response 212 is timely, thereby diminishing the time available for hackers to crack the proper response. If this second check 218 is successful, then the verifier 20 may conclude that the client 10 runs on the expected platform.
- In an alternate embodiment, the verifier 20 may require that the client 10 correctly respond to a number of successive challenges before concluding that it runs on the expected platform.
- In a preferred embodiment, the cryptographic challenge depends on an identifier or other data linked to the client 10 or the user, such as a client identity number or a user identity or subscription number, combined with a random number, for example by XOR, addition, hashing or encryption. This makes it more difficult for a hacker to e.g. use two clients - one emulated with a stolen ID and one non-emulated - to pass the first verification step on one of them and a second step on the other.
- To have the cryptographic challenge depend on an identifier, the server preferably creates the challenge as described hereinbefore, using, instead of start+tries, start+tries+(identifier)mod2^32, i.e. the identifier modulo 2^32. The server then calculates the result, but only sends start+tries to the client, which completes this with its identifier modulo 2^32. Thus, it is verified that the challenge was performed on a non-emulated platform using a correct identifier.
- It should be noted that the invention is not restricted to the use of cryptographic challenges, but may also use other kinds of challenges that require the client to perform calculations according to a predetermined method and return the number of iterations needed. For example: iterative calculation to a certain accuracy of a mathematical function starting from a given start value.
- As will be appreciated, the present invention enables cost effective detection of an emulated client that may be adapted to continually make it more difficult for hackers.
- It will be understood that the present invention has been described purely by way of example, and modifications of detail can be made without departing from the scope of the invention.
- Each feature disclosed in the description and (where appropriate) the claims and drawings may be provided independently or in any appropriate combination. Features described as being implemented in hardware may also be implemented in software, and vice versa. Connections may, where applicable, be implemented as wireless connections or wired, not necessarily direct or dedicated, connections.
- Reference numerals appearing in the claims are by way of illustration only and shall have no limiting effect on the scope of the claims.
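The exchange of the first embodiment (steps 204 to 218), as an added example that is not code from the patent: the verifier builds (clear, start, {clear}_{start+tries}), the client runs the key search, and the verifier applies the iteration-count check 216 followed by the timing check 218. Assumptions of this example: HMAC-SHA256 is swapped in for the preferred AES-128 so that only the standard library is needed, the expected time is modelled as tries × `per_try_seconds`, and the names, the tries range and the single-use handling of a challenge are hypothetical.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Optional

KEY_BYTES = 16  # 128-bit keys, the key length the description prefers

OK = "non-emulated"
WRONG_COUNT = "emulated: wrong iteration count"
LATE = "emulated: response late"


def encrypt(key_number: int, clear: bytes) -> bytes:
    """Stand-in for {clear}_key. HMAC-SHA256 replaces AES-128 here (assumption)."""
    key = (key_number % (1 << (8 * KEY_BYTES))).to_bytes(KEY_BYTES, "big")
    return hmac.new(key, clear, hashlib.sha256).digest()[:16]


@dataclass(frozen=True)
class Challenge:
    clear: bytes      # random value sent in the clear
    start: int        # base for the first key of the search
    ciphered: bytes   # {clear}_{start+tries}; tries itself is never sent


class Verifier:
    def __init__(self, per_try_seconds: float, network_delay: float,
                 min_tries: int = 1000, max_tries: int = 5000):
        self.per_try_seconds = per_try_seconds  # calibrated on the genuine platform
        self.network_delay = network_delay      # chosen transmission allowance
        self.min_tries, self.max_tries = min_tries, max_tries
        self._tries: Optional[int] = None

    def select_challenge(self) -> Challenge:
        """Step 204: pick clear, start and tries at random."""
        span = self.max_tries - self.min_tries + 1
        self._tries = self.min_tries + secrets.randbelow(span)
        clear, start = secrets.token_bytes(16), secrets.randbits(64)
        return Challenge(clear, start, encrypt(start + self._tries, clear))

    def check(self, reported_i: Optional[int], elapsed: float) -> str:
        """Checks 216 (i equals tries) and 218 (response is timely)."""
        if self._tries is None:
            raise RuntimeError("no challenge outstanding")
        tries, self._tries = self._tries, None  # one verdict per challenge
        if reported_i != tries:
            return WRONG_COUNT
        if elapsed > tries * self.per_try_seconds + self.network_delay:
            return LATE
        return OK


def key_search(ch: Challenge, limit: int = 1_000_000) -> Optional[int]:
    """Client step 210: try key start+i for i = 1, 2, ... and report i."""
    for i in range(1, limit + 1):
        if hmac.compare_digest(encrypt(ch.start + i, ch.clear), ch.ciphered):
            return i
    return None


def run_round(verifier: Verifier, solve: Callable[[Challenge], Optional[int]],
              clock: Callable[[], float] = time.perf_counter) -> str:
    """One round: send 206, start timer 208, receive 212, stop timer 214, check."""
    challenge = verifier.select_challenge()
    started = clock()
    reported = solve(challenge)
    return verifier.check(reported, clock() - started)


if __name__ == "__main__":
    v = Verifier(per_try_seconds=1e-3, network_delay=0.05)
    print("honest client:      ", run_round(v, key_search))
    print("miscounting client: ", run_round(v, lambda c: (key_search(c) or 0) + 1))
```

The timing budget only discriminates when `per_try_seconds` is measured on the reference platform; the value used in the demo run is deliberately generous.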
Claims (8)
- A method for discovering if a client (10) is emulated, the method comprising the steps of:
  - sending (206) a challenge to the client (10), the challenge requiring a deterministic number of iterations to be solved;
  - measuring (208, 214) the time between the sending of the challenge and the reception of a response; and
  - upon reception of the response (212) comprising a number of iterations needed to solve the challenge, determining (216, 218) that the client (10) is non-emulated if the number of iterations in the response matches the expected number of iterations and if the response was timely.
- The method of claim 1, wherein the challenge is dependent on an identity of the client (10) or of a user of the client (10).
- The method of claim 1, wherein the challenge is a cryptographic challenge.
- The method of claim 3, wherein the cryptographic challenge is a key search.
- The method of claim 4, wherein the cryptographic challenge comprises a non-encrypted version of a value, an encrypted version of the value, and a base for a first key to use in the key search.
- A verifier (20) for discovering if a client (10) is emulated, the verifier (20) comprising:
  - a communication interface (24) for sending a challenge to the client (10), the challenge requiring a deterministic number of iterations to be solved, and for receiving a response (212) from the client, the response (212) comprising the number of iterations:
  - a timer (22) for measuring the time between the sending of the challenge and the reception of the response; and
  - a processor for:
    - selecting the challenge; and
    - determining (216) that the client (10) is non emulated if the number of iterations in the response matches the expected number of iterations and if the response was timely.
- The verifier of claim 6, wherein the processor is adapted to make the challenge dependent on an identity of the client (10) or of a user of the client (10).
- The verifier of claim 6, wherein the processor is adapted to select a challenge, which is a cryptographic key search challenge that comprises a non-encrypted version of a value, an encrypted version of the value, and a base for a first key to use in the key search.
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20060290992 EP1868126B1 (en) | 2006-06-16 | 2006-06-16 | Device and method for discovering emulated clients |
TW96118631A TWI412254B (en) | 2006-06-16 | 2007-05-25 | Device and method using non-cycle accurate measurements for discovering emulated clients |
US11/809,480 US9137248B2 (en) | 2006-06-16 | 2007-06-01 | Device and method using non-cycle accurate measurements for discovering emulated clients |
JP2007157637A JP5183978B2 (en) | 2006-06-16 | 2007-06-14 | Apparatus and method using high precision non-cycle measurement to find emulated clients |
CN 200710110153 CN101090321B (en) | 2006-06-16 | 2007-06-18 | Device and method for discovering emulated clients |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20060290992 EP1868126B1 (en) | 2006-06-16 | 2006-06-16 | Device and method for discovering emulated clients |
Publications (2)
Publication Number | Publication Date |
---|---|
EP1868126A1 (en) | 2007-12-19 |
EP1868126B1 (en) | 2011-08-10 |
Family
ID=37398740
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP20060290992 Expired - Fee Related EP1868126B1 (en) | 2006-06-16 | 2006-06-16 | Device and method for discovering emulated clients |
Country Status (5)
Country | Link |
---|---|
US (1) | US9137248B2 (en) |
EP (1) | EP1868126B1 (en) |
JP (1) | JP5183978B2 (en) |
CN (1) | CN101090321B (en) |
TW (1) | TWI412254B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2012174195A (en) * | 2011-02-24 | 2012-09-10 | Renesas Electronics Corp | Authentication system |
CN105683843B (en) * | 2013-08-30 | 2019-05-31 | 惠普发展公司,有限责任合伙企业 | It is authenticated via the supply of timing challenge response |
US9195821B2 (en) * | 2013-11-24 | 2015-11-24 | Truly Protect Oy | System and methods for remote software authentication of a computing device |
GB201413836D0 (en) * | 2014-08-05 | 2014-09-17 | Arm Ip Ltd | Device security apparatus and methods |
GB2540961B (en) | 2015-07-31 | 2019-09-18 | Arm Ip Ltd | Controlling configuration data storage |
GB2540965B (en) | 2015-07-31 | 2019-01-30 | Arm Ip Ltd | Secure configuration data storage |
US10728230B2 (en) * | 2018-07-05 | 2020-07-28 | Dell Products L.P. | Proximity-based authorization for encryption and decryption services |
2006
- 2006-06-16 EP EP20060290992 patent/EP1868126B1/en not_active Expired - Fee Related
2007
- 2007-05-25 TW TW96118631A patent/TWI412254B/en not_active IP Right Cessation
- 2007-06-01 US US11/809,480 patent/US9137248B2/en not_active Expired - Fee Related
- 2007-06-14 JP JP2007157637A patent/JP5183978B2/en not_active Expired - Fee Related
- 2007-06-18 CN CN 200710110153 patent/CN101090321B/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
US20080263198A1 (en) | 2008-10-23 |
JP2007336558A (en) | 2007-12-27 |
CN101090321B (en) | 2012-04-18 |
EP1868126A1 (en) | 2007-12-19 |
US9137248B2 (en) | 2015-09-15 |
CN101090321A (en) | 2007-12-19 |
JP5183978B2 (en) | 2013-04-17 |
TWI412254B (en) | 2013-10-11 |
TW200810470A (en) | 2008-02-16 |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
AX | Request for extension of the european patent | Extension state: AL BA HR MK YU |
AKX | Designation fees paid | Designated state(s): DE FR GB |
17P | Request for examination filed | Effective date: 20080806 |
17Q | First examination report despatched | Effective date: 20090226 |
RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: THOMSON LICENSING |
GRAP | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
GRAS | Grant fee paid | Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
GRAA | (expected) grant | Free format text: ORIGINAL CODE: 0009210 |
AK | Designated contracting states | Kind code of ref document: B1 Designated state(s): DE FR GB |
REG | Reference to a national code | Ref country code: GB Ref legal event code: FG4D |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R096 Ref document number: 602006023647 Country of ref document: DE Effective date: 20111013 |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R084 Ref document number: 602006023647 Country of ref document: DE Effective date: 20110831 |
PLBE | No opposition filed within time limit | Free format text: ORIGINAL CODE: 0009261 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
26N | No opposition filed | Effective date: 20120511 |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R097 Ref document number: 602006023647 Country of ref document: DE Effective date: 20120511 |
REG | Reference to a national code | Ref country code: FR Ref legal event code: PLFP Year of fee payment: 11 |
REG | Reference to a national code | Ref country code: FR Ref legal event code: PLFP Year of fee payment: 12 |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R082 Ref document number: 602006023647 Country of ref document: DE Representative's name: HOFSTETTER, SCHURACK & PARTNER PATENT- UND REC, DE |
REG | Reference to a national code | Ref country code: FR Ref legal event code: PLFP Year of fee payment: 13 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: DE Payment date: 20180622 Year of fee payment: 13 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: FR Payment date: 20180620 Year of fee payment: 13 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: GB Payment date: 20180627 Year of fee payment: 13 |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R119 Ref document number: 602006023647 Country of ref document: DE |
GBPC | Gb: european patent ceased through non-payment of renewal fee | Effective date: 20190616 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190616 Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20200101 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190630 |
P01 | Opt-out of the competence of the unified patent court (upc) registered | Effective date: 20230527 |